At the global scale, online businesses and their customers suffer billions of dollars in fraud losses annually. There are some important things ecommerce businesses should keep in mind.
Start with a definition. “Ecommerce fraud” describes several forms of payment or identity fraud in which a criminal or criminals use stolen or fake payment information to place an online order. If the order is shipped, the crook or crooks can collect their booty by having it sent to, say, a freight forwarder or snatching it from a front step.
These crimes have several victims. There is the person whose payment card or other payment information was stolen. Thankfully, these folks will be reimbursed in most cases. Unfortunately, the merchant that processed the fraudulent order will typically provide that reimbursement.
Thus the merchant is the second victim. In many cases, the merchant will lose any merchandise the fraudster ordered, refund the person whose payment information was stolen, and pay associated credit-card chargeback fees.
In the North American edition of its 2017 “Online Fraud Benchmark Report” (PDF), CyberSource stated that an online business could expect to lose 0.8 – 0.9 percent of ecommerce sales to fraud each year.
There may also be third parties affected. A single parent who answered a “work at home” ad on Craigslist may have the local police knock on her door to tell her she is under investigation for forwarding stolen property.
Merchants face a balancing act. On the one hand, they want to minimize fraud. But rejecting every order with a different ship-to address or a different billing address could anger legitimate shoppers, hurting sales.
To help put this problem into perspective, here are three things ecommerce operators should know.
Online Fraud Increasing
“With 16.7 million reported victims of identity fraud in 2017…it was another record year for the number of fraud victims,” according to an Experian report, adding, “This past year, we saw more than a 30-percent increase in ecommerce fraud attacks compared to 2016.”
While there are theories suggesting why ecommerce fraud is on the rise, two stand out.
First, the EMV chip placed in physical payment cards may be shifting fraud from in-store to online.
“Today 90 percent of credit cards have a chip in them, and almost all major retailers have changed their point of sale payment systems,” wrote Matt Tatham, manager of content insights at Experian Consumer Services.
“The good news: Visa found that counterfeit card fraud has declined 52 percent since merchants started using chip-enabled cards. The bad news: criminals are migrating their fraud activity online where a physical credit card is not necessary.”
A second fraud driver may be the availability of stolen consumer information. While reported data losses were down in the first quarter of 2018, according to an IBM SecurityIntelligence report, there were still 686 data breaches reported in the first three months of this year, representing more than 1.4 billion exposed records.
More than a billion stolen records in just a three-month period could enable a lot of ecommerce fraud.
Mobile Fraud Coming
Mobile commerce is on the rise. In 2018, 17 percent of online merchants surveyed for Kount’s “The State of Mobile Payments and Fraud” 2018 report said they earned more than half of their ecommerce revenue from mobile orders.
The same report estimated that in just a few years, one in five online retailers could be deriving as much as 32 percent of sales from mobile.
Now consider that mobile payments can differ from other ecommerce payments. Mobile shoppers may be more likely to use mobile wallets, payment alternatives like PayPal, or cyber currencies.
These factors leave questions about if and how mobile commerce fraud prevention will differ from desktop.
To address this, ecommerce operations should begin to track ecommerce fraud by channel. They could then identify mobile commerce fraud and create meaningful profiles for fraud prevention.
In the end, it may be that fraud prevention will look the same for both desktop and mobile orders. But it might not.
Fraud Prevention Costly
There are a number of automated fraud prevention tools.
However, remember that overzealous ecommerce fraud prevention can be costly too.
“The Merchant Risk Council’s 2017 Global Fraud Survey showed that the average online store declined 2.6 percent of all incoming orders due to fear of fraud, including 3.1 percent of all orders worth over $ 100,” wrote Riskified’s marketing director, Shalhevet Zohar, in a recent blog post. “For a $ 25 million business, this means rejecting orders worth more than $ 600,000 annually.”
Ecommerce businesses need to minimize both fraudulent transactions and false positives.